WASHINGTON-The practice of pretexting-impersonating a customer to obtain call records-is illegal, the chairman of the Federal Trade Commission told reporters this morning.
“In no way is the practice of pretexting legal, and we are working with the Federal Communications Commission to close these avenues,” said FTC Chairman Deborah Platt Majoras. “We, together with the FCC, are working to stop these practices and we are talking to Congress about whether any additional protections are needed.”
The FTC believes pretexting is illegal because it is a deceptive act used to gain sensitive information, said Betsy Broder, assistant director in the FTC’s division of privacy and identity protection.
Broder acknowledged that the FTC does not have jurisdiction over communications carriers, but she said the agency has jurisdiction over the data brokers that are obtaining and selling this information. The FCC has jurisdiction over communications carriers. She called it “complementary jurisdiction.”
Majoras held a press briefing late this morning to announce a settlement with Choice Point Inc. regarding its data-theft problem first revealed last year. As part of the settlement, Choice Point will pay the FTC’s largest civil penalty ever, $10 million, and an additional $5 million into a customer-restitution fund.
One of the laws that Choice Point is alleged to have violated is the protection of customer data. It is similar data that is involved in the ongoing cell-phone record scandal that broke two week ago when the CBS Evening News broadcast a report critical of the wireless industry and the apparent theft and sale of customer-call records. The CBS story came out shortly after an Internet blogger managed to buy the cell-phone records of retired Army General Wesley Clark. Clark appeared on Capitol Hill Tuesday to urge passage of the legislation that would specifically protect communications records from pretexting.
Majoras said an FTC representative is set to testify on Capitol Hill next week.
Earlier this week, the House Commerce Committee began its investigation into the data brokering of cell-phone records by requesting that the FCC turn over information on how wireless carriers protect their call records.
Each year carriers must certify that they are protecting customer proprietary network information. However, the certifications are not filed with the FCC; instead each carrier must make it available upon request, said David Fiske, director of the FCC’s Office of Media Relations.
Therefore, the FCC will now have to get the certifications from the carriers in order to respond to the House committee’s request.
RCR Wireless News first reported on Cingular Wireless L.L.C.’s CPNI certification for 2004. In its filing, Cingular said that all employees who have access to customer data, have outbound marketing responsibilities or are officers of the company completed privacy training by March 2003. The carrier noted that any employee who violates Cingular’s privacy policies faces disciplinary action, including possible termination. Cingular’s certification for 2005 has not yet been filed.
The other nationwide carriers did not respond to requests for their certifications.
Legislators, the FCC and others have since swarmed over the issue.
Sen. Charles Schumer (D-N.Y.) recently introduced legislation to make pretexting illegal. While Schumer’s bill, known as the Consumer Telephone Records Protection Act of 2006, is the only one to be introduced, other senators have expressed interest in solving this issue. Schumer’s bill, which has been referred to the Senate Judiciary Committee, is the toughest so far, he said, adding he would work with anyone who wants to solve the problem. Schumer said both the Judiciary and Commerce Committees have jurisdiction over the topic.
Both Verizon Wireless and T-Mobile USA Inc. appeared at the Schumer/Clark press conference. Both companies filed separate lawsuits against online data brokers they believe are obtaining and selling customer call records.
Meanwhile, Cingular announced it received another restraining order against a data broker; this time eFindOutTheTruth.com.
